HOWTO to enable local root login

English Forums Feedback
1

For some reason this has been disabled, or better impossible to do.

You need to edit in
/etc/sysconfig…the file “displaymanager”

## Path:    Desktop/Display manager
## Description:    settings to generate a proper displaymanager config

## Type:    string(kdm,kdm3,kdm4,xdm,gdm,wdm,entrance,console)
## Default:    ""
#
# Here you can set the default Display manager (kdm/xdm/gdm/wdm/entrance/console).
# all changes in this file require a restart of the displaymanager
#
DISPLAYMANAGER="kdm"

## Type:    yesno
## Default:    no
#
# Allow remote access (XDMCP) to your display manager (xdm/kdm/gdm). Please note
# that a modified kdm or xdm configuration, e.g. by KDE control center
# will not be changed. For gdm, values will be updated after change.
# XDMCP service should run only on trusted networks and you have to disable
# firewall for interfaces, where you want to provide this service.
#
DISPLAYMANAGER_REMOTE_ACCESS="no"

## Type:    yesno
## Default:    no
#
# Allow remote access of the user root to your display manager. Note
# that root can never login if DISPLAYMANAGER_SHUTDOWN is "auto" and
# System/Security/Permissions/PERMISSION_SECURITY is "paranoid"
#
**DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes"

## Type:    yesno
## Default:    yes
#
# Let the displaymanager start a local Xserver.**

DISPLAYMANAGER_ROOT_LOGIN_REMOTE="no"

## Type:    yesno
## Default:    yes
#
# Let the displaymanager start a local Xserver.
# Set to "no" for remote-access only.
# Set to "no" on architectures without any Xserver (e.g. s390/s390x).
#
DISPLAYMANAGER_STARTS_XSERVER="yes"

## Type:        yesno
## Default:     no
#
# TCP port 6000 of Xserver. When set to "no" (default) Xserver is
# started with "-nolisten tcp". Only set this to "yes" if you really
# need to. Remote X service should run only on trusted networks and
# you have to disable firewall for interfaces, where you want to
# provide this service. Use ssh X11 port forwarding whenever possible.
#
DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="no"

## Type:    string
## Default:
#
# Define the user whom should get logged in without request. If string
# is empty, display standard login dialog.
#
DISPLAYMANAGER_AUTOLOGIN="hase"

## Type:        yesno
## Default:     no
#
# Allow all users to login without password, but ask for the user, if
# DISPLAYMANAGER_AUTOLOGIN is empty.
#
DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"

## Type:        yesno
## Default:     no
#
# Display a combobox for Active Directory domains.
#
DISPLAYMANAGER_AD_INTEGRATION="no"

## Type:    list(root,all,none,auto)
## Default: auto
#
# Determine who will be able to shutdown or reboot the system in kdm.  Valid
# values are: "root" (only root can shutdown), "all" (everybody can shutdown),
# "none" (nobody can shutdown from displaymanager), "auto" (follow
# System/Security/Permissions/PERMISSION_SECURITY to decide: "easy local" is
# equal to "all", everything else is equal to "root").  gdm respects the
# PolicyKit settings for ConsoleKit. Shutdown configuration can be done via
# the polkit-default-privs mechanism.
#
DISPLAYMANAGER_SHUTDOWN="auto"

## Type:        string
## Default:     ""
#
# Mode to configure on output devices by default
# (RANDR 1.2 compatible drivers only).
#
# If set to "auto", DISPLAYMANAGER_RANDR_MODE_auto is used on laptops, and
# the empty string on workstations.
#
# The output is not explicitly enabled (read: disabled) if set to an empty
# string.
# If the variable contains a fully configured modeline (see default of
# DISPLAYMANAGER_RANDR_MODE_auto), the mode is defined and set.
# If the variable contains a mode name only, the mode has to be defined
# already.
#
# If a monitor is attached during Xstartup, or when invoking "xrandr --auto"
# during runtime, the output is correctly configured and a mode is
# automatically selected if none has been used so far.
#
# Variables are checked according to their extension for
#    VGA DVI_I DVI_D DVI_A Composite S_Video Component LFP Proprietary
#
DISPLAYMANAGER_RANDR_MODE_VGA=""
#DISPLAYMANAGER_RANDR_MODE_DVI_I=""
#DISPLAYMANAGER_RANDR_MODE_DVI_D=""
#DISPLAYMANAGER_RANDR_MODE_DVI_A=""
#DISPLAYMANAGER_RANDR_MODE_Compsite=""
#DISPLAYMANAGER_RANDR_MODE_S_Video=""
#DISPLAYMANAGER_RANDR_MODE_Component=""
#DISPLAYMANAGER_RANDR_MODE_LFP=""
#DISPLAYMANAGER_RANDR_MODE_Proprietary=""

## Type:        string
## Default:     "1024x768_60 64.11 1024 1080 1184 1344 768 769 772 795 -HSync +Vsync"
#
# Mode to use for laptops for DISPLAYMANAGER_RANDR_MODE_* on laptops only,
# when the according variable is set to "auto".
# (RANDR 1.2 compatible drivers only).
#
DISPLAYMANAGER_RANDR_MODE_auto="1024x768_60 64.11 1024 1080 1184 1344 768 769 772 795 -HSync +Vsync"
## Type:        string(Xorg)
## Path:        Desktop/Display manager
## Default:     "Xorg"
#
DISPLAYMANAGER_XSERVER="Xorg"
## Path:    Desktop/Display manager
## Description: settings to generate a proper displaymanager config
## Config:      kdm3

## Type:    string
## Default: 
#
# space separated list of users for which icons should be shown in KDM
# if empty, then take system defaults
#
KDM_USERS=""

## Type:    string
## Default: 
#
# Special greeting words in kdm
#
KDM_GREETSTRING=""

## Type:        string
## Default: 
#
# Defines extra Server Arguments given to the kdm display manager when
# starting a local display. Useful to override e.g. the -dpi setting.
# 
DISPLAYMANAGER_KDM_LOCALARGS=""

## Type:        string
## Default:     SUSE
#
# Define the theme to be used by kdm. If empty, the traditional login
# window is used (which lacks some features)
# 
DISPLAYMANAGER_KDM_THEME="SUSE"

Make sure you save the original !!!

Cheers

2

Or to be correct, you need to include the section “in red”

3

For goodness sake - why post this.

4

Well, you know those people always crying out loud, that “Linux has to keep up with Windows”.

That’s a step into this direction, now you have the same level of security as on a standard XP Home install, where you just like to login as root.

But there ist still something missing, how to rename “root” to “Administrator” and make him the standard login without asking for a password, then -finally!11oneone- Linux has come to “Windows level”.

Maybe this should be added here, too.

P.S. For all people not getting it, readjust your “irony detectors”, thank you

5

For those who do not quite understand the stupidity of the advice in post #1 above, first study SDB:Login as root - openSUSE and then decide for yourself.

6

Looks like they should have added a trash category when they did the forum update and sent that post there.

7

For goodness sake - why post this

simple… the question came up a number of times withing this forum and the answers remain hidden in the sub-forums.

8

rafter22 wrote:
> Looks like they should have added a trash category when they did the
> forum update and sent that post there.

my opinion, for what it is worth: remove this thread as it serves no
useful purpose and only plants an easy way for the unknowing to
destroy their system…


DenverD
When it comes to chocolate, resistance is futile.
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

9

On Thu, 14 Oct 2010 15:36:02 +0000, hcvv wrote:

> For those who doo not quite understand the stupidity of the advice in
> post #! above, first study ‘SDB:Login as root - openSUSE’
> (http://en.opensuse.org/SDB:Login_as_root) and then decide for yourself.

That would be a good addition to this HOWTO, but I would also suggest
that the topic is a valid topic because, as otto states, it is asked
about on occasion and there are valid reasons why you might do this (the
question showed up recently on the user mailing list IIRC).

Having the info in a central place with the appropriate cautions serves
the purpose of providing information that is requested and including the
cautions necessary about how you can mess your system up if you’re not
careful.

In my own experience, logging into the GUI (KDE or GNOME) as root doesn’t
automatically hose your system. Rather than tell users after the fact
that they shouldn’t and now they need to reinstall, it seems a good idea
to me to pull all the relevant information together so we can actually
educate users rather than appear to be chiding them for following a bad
security practice.

I think we need to stop giving the impression that Linux is so fragile
that doing something that is relatively easy to do will make it fall to
pieces - that isn’t the case, if one does it with information.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

10

I support Otto and Jim here. I log in as root when I need to make some particular repairs where a total free hand is convenient, when I don’t want to run a su console. Or when my user interface goes bad for some reason. IMHO this is a valuable post.

Of course, new users should understand that running a su terminal requires caution, and that logging in as root requires more caution, and that crossing the road requires even more caution.

And finally: the devs haven’t disabled the root login have they? I have Gnome and KDE for openSUSE 11.3 on two different machines and root logins work by default on both of them.

11

I agree with you guys. If we had to hide such informations to keep linux safe, we would be moving in the direction of Windows.

This is true. And I bet you’re not using the setting advised here, as it is not needed - I don’t say it doesn’t do what you expect, I believe it does. It just looks like a brute-force setting but not the only way to enable root login (even when using a display manager). So whether the post is valuable or not, the information is incomplete.

12

I don’t support this. IMHO a HOWTO on the usage of “su”, “su -c”, “kdesu”, “gnomesu” etc. would be better. Again IMHO there’s no need to run a desktop environment as root. We have dozens of threads here where the cause of all trouble appears to be originated in running a DE as root. I always explain to new users, that root is for what is under the hood, the desktop is for the user.

13

Jim and swerdna, thanks for your support.

please_try_again wrote

This is true. And I bet you’re not using the setting advised here, as it is not needed - I don’t say it doesn’t do what you expect, I believe it does. It just looks like a brute-force setting but not the only way to enable root login (even when using a display manager). So whether the post is valuable or not, the information is incomplete.

…then please could you add the info to make it complete. By the way local root login was allowed in earlier versions, where you could set it via yast in /etc/sysconfig editor. With the entry in the displaymanger file, the option appears in /etc/sysconfig editor. In other words you can switch it off.

…and thanks for the rating, who ever did it. Very encouraging.

14

Knurpht wrote

We have dozens of threads here where the cause of all trouble appears to be originated in running a DE as root. I always explain to new users, that root is for what is under the hood, the desktop is for the user.

Look I do understand your concern, and the implied concern further up. I, for myself want to look under the hood and some tasks are much easier when working with a GUI.

IMO by dis-allowing this type of login one creates “first” and “second” class users.

When I read the first few replies,…this will IMO discourage quite a number of forum members to post their findings.

Anyway cheers from OZ;)

15

I wonder why the developers of openSUSE have it the way it is?
I’m fairly sure I have not logged in as root since the SuSE Linux 8 series and I never have any trouble accomplishing tasks.
kde has a super user file manager if you really need a UI.

OK. Maybe there should be a comprehensive HowTo, but I tend to agree with @Knurpht

Saying that root login can ‘Hose’ your system is true. It doesn’t make Linux second rate. And making comparisons to M$ Windows is pointless. The two OS function completely differently. If M$ employed a ‘User’ only login, windows would be much less vulnerable but it’s users would be clueless.

16

Nobody said that login as root is needed nor advisable. Some people are willing to share any kind of knowledge with anybody. And some others are not: “Don’t cast your pearls before swine”. This is rather a philosophical than a technical question. IMHO there should be comprehensive HowTos about everything.

17

Hi caf

I wonder why the developers of openSUSE have it the way it is?

The solution to your concern could be that the default for a new installation for local root login is set to “NO”.

This gives to option to enable root login. New-comers would not know. Once there are a bit advanced…well. Their responsibility.

cheers Otto

18

On Fri, 15 Oct 2010 03:06:01 +0000, caf4926 wrote:

> Saying that root login can ‘Hose’ your system is true.

Arguably, though, a normal login can hose your system, too - if you
accidentally wipe out your data or the settings directories, you can end
up as non-functional from a desktop environment standpoint. I’ve seen
that happen as well. (It’s not as easy to do, but certainly possible).

> It doesn’t make
> Linux second rate. And making comparisons to M$ Windows is pointless.

It may be pointless, but that’s the comparison most Linux users who come
from Windows naturally make. Right or wrong, that is the appearance
that’s made.

> The two OS function completely differently. If M$ employed a ‘User’ only
> login, windows would be much less vulnerable but it’s users would be
> clueless.

Windows does employ a User only login in more recent versions - as I
recall, with Vista (and probably with 7), the default login isn’t the
Administrator account, but a user account, and you have to explicitly go
into the user settings and tell winlogon to show the administrator user.
I don’t use Windows very much, so I may have the details wrong, but
that’s what I remember the last time I booted Vista.

The way I see it is this - OSS is about openness and freedom. Protecting
users from themselves through the withholding of information, in my mind,
goes against those principles. It’s better for users to be given all
the information so they can make up their own minds.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

19

On 2010-10-14 22:36, swerdna wrote:
>
> I support Otto and Jim here.

Me too, with my ten+ years experience >:-)

One thing is to set the default to “no root graphical login”, and another thing is denying or trying
to hide the setting that allows it. It is our freedom of choice and freedom of knowledge.

That said, the initial text is not clear, doesn’t say what to do (I know what to do), and doesn’t
warn of dangers.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

20

On 2010-10-14 22:36, swerdna wrote:

> And finally: the devs haven’t disabled the root login have they? I have
> Gnome and KDE for openSUSE 11.3 on two different machines and root
> logins work by default on both of them.

It appears that an update in KDE 4.5.1. assumes a default of “no” for
“DISPLAYMANAGER_ROOT_LOGIN_LOCAL”, while the previous default was “yes”. Or that they added that
variable, assuming “no” as default.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)